An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codesys safety sil2 runtime toolkit |
||
codesys safety sil2 psp |
||
codesys hmi \\(sl\\) |
||
codesys development system v3 |
||
codesys control win \\(sl\\) |
||
codesys control runtime system toolkit |
||
codesys control rte \\(sl\\) |
||
codesys control rte \\(for beckhoff cx\\) sl |
||
codesys control for wago touch panels 600 sl |
||
codesys control for raspberry pi sl |
||
codesys control for plcnext sl |
||
codesys control for pfc200 sl |
||
codesys control for pfc100 sl |
||
codesys control for linux sl |
||
codesys control for iot2000 sl |
||
codesys control for empc-a\\/imx6 sl |
||
codesys control for beaglebone sl |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources What are these gadgets running, Windows? Ka-boom-tsch
Fifteen bugs in Codesys' industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed. In a report and more published on GitHub, Microsoft threat intel specialist Vladimir Tokarev says the Windows giant – no stranger to security holes, cough – disclosed details of vulnerabilities in the Codesys V3 SDK to the Germany-based vendor in September 2022. Codesys has since patched the bugs. The S...